There was an attack on Wordpress blogs hosted at Network Solutions, but your host is probably guilty as well.

The gist of what happened is the wp-config.php was readable by the world and the crackers got access to the database passwords and logins which are stored in that file in plain text.

It is a Wordpress problem because that was considered best practice. In reality, none of your file need to be world readable, only readable by the web server, so you can safely eliminate any world read permissions.